def getProjectName() {
    def projectName = sh script: "mvn help:evaluate -Dexpression=project.name  |  grep -v '\\[' | grep -v 'Download'", returnStdout: true
    return projectName.trim()
}


/**
 * dependencyTrack
 * 安全扫描，检查java项目中依赖jar组件安全性
 * author: lidong
 * @return
 */
def dependencyTrack(branchs = ['master']) {
    if (!branchs.contains(env.BRANCH_NAME)) {
        return
    }
    def projectName = getProjectName()
    def projectVersion = versionUtil.getVersion()

    timeout(40) {
        try {
            //    分析项目中依赖安全性，生成 bom.xml，通过上传 Jenkins dependencytrack 插件上传到分析平台
            sh script: "mvn org.cyclonedx:cyclonedx-maven-plugin:makeAggregateBom"
            sh script: "mvn io.github.pmckeown:dependency-track-maven-plugin:upload-bom " +
                    "-Ddependency-track.projectName=${projectName} " +
                    "-Ddependency-track.projectVersion=${projectVersion} " +
                    "-Ddependency-track.dependencyTrackBaseUrl=http://172.30.12.159:18081 " +
                    "-Ddependency-track.apiKey=Y8371wrwEHCSZBoq8EUQc6M9gaCWfO0g"
        } catch (err) {
            echo "dependencytrack failed!"
            echo err.getMessage()
        }
    }
}

def murphyScan(projectName, branchs = ['master']) {
    if (!branchs.contains(env.BRANCH_NAME)) {
        return
    }

    timeout(60) {
        try {
            sh script: "chmod +x /data/jenkins/tools/sec_scan/murphy/murphysec-cli-linux"
            sh script: "/data/jenkins/tools/sec_scan/murphy/murphysec-cli-linux scan " +
                    "--server http://172.30.8.151 " +
                    "--project-name ${projectName} " +
                    "--token ClO0b3xeFrGYboCq ."
        } catch (err) {
            echo "murphyScan failed!"
            echo err.getMessage()
        }
    }
}


/**
 * fortifySca
 * 安全扫描，分析代码安全性
 * author: lidong
 * @return
 */
def fortifySca(branchs = ['master']) {
    if (!branchs.contains(env.BRANCH_NAME)) {
        return
    }
    def projectName = getProjectName()
    def projectVersion = versionUtil.getVersion()

    timeout(60) {
        try {
            /*
        1. 创建应用
        2. 执行清理
        3. 翻译代码
        4. 执行扫描
        5. 上传扫描结果fpr文件到ssc
         */
            sh script: "python /data/jenkins/tools/sec_scan/fortify/createApplication.py ${projectName} ${projectVersion}"
            sh script: "export PATH=/data/jenkins/tools/sec_scan/fortify/bin/:\$PATH && " +
                    "/data/jenkins/tools/sec_scan/fortify/bin/sourceanalyzer -b ${projectName} touchless " +
                    "mvn com.fortify.sca.plugins.maven:sca-maven-plugin:clean"
            sh script: "export PATH=/data/jenkins/tools/sec_scan/fortify/bin/:\$PATH && " +
                    "/data/jenkins/tools/sec_scan/fortify/bin/sourceanalyzer -b ${projectName} touchless " +
                    "mvn com.fortify.sca.plugins.maven:sca-maven-plugin:translate"
            sh script: "export PATH=/data/jenkins/tools/sec_scan/fortify/bin/:\$PATH && " +
                    "/data/jenkins/tools/sec_scan/fortify/bin/sourceanalyzer -b ${projectName} touchless " +
                    "mvn com.fortify.sca.plugins.maven:sca-maven-plugin:scan"
            def uploadFprFileName = sh script: "ls -lcr target/fortify/*.fpr | head -n 1 | awk '{print \$9}'", returnStdout: true
            sh script: "export PATH=/data/jenkins/tools/sec_scan/fortify/bin/:\$PATH && " +
                    "/data/jenkins/tools/sec_scan/fortify/bin/fortifyclient uploadFPR " +
                    "-url http://172.30.12.159:18080/ssc -authtoken ad90ff44-9671-4c81-a1ef-ee110472fcb2 " +
                    "-application ${projectName} -applicationVersion ${projectVersion} -file ${uploadFprFileName}"
        } catch (err) {
            echo "SATS failed!"
            echo err.getMessage()
        }
    }
}